Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 905856 (CVE-2023-30570)

Summary: <net-vpn/libreswan-4.11: Malicious IKEv1 Aggressive Mode packets can crash libreswan
Product: Gentoo Security Reporter: Hans de Graaff <graaff>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 908647    
Bug Blocks: 897916    

Description Hans de Graaff gentoo-dev Security 2023-05-07 06:07:19 UTC 
===========================================================================
CVE-2023-30570: Malicious IKEv1 Aggressive Mode packets can crash libreswan
===========================================================================

This alert (and any updates) are available at the following URLs:
https://libreswan.org/security/CVE-2023-30570/

The Libreswan Project was notified by github user "XU-huai" of an
issue with receiving a malformed IKEv1 Aggressive Mode packet that
would cause a crash and restart of the libreswan pluto daemon. When
sent continuously, this could lead to a denial of service attack.

Vulnerable versions : libreswan 3.28 - 4.10
Not vulnerable      : libreswan 3.0 - 3.27, 4.11+

Vulnerability information
=========================
When an IKEv1 Aggressive Mode packet is received with only unacceptable
crypto algorithms, the response packet is not sent with a zero responder
SPI. When a subsequent packet is received where the sender re-uses the
libreswan responder SPI, the pluto daemon state machine crashes. No
remote code execution is possible.

Exploitation
============
This vulnerability requires that pluto is configured with at least one
potentially matching IKEv1 Aggressive Mode connection. Per default,
pluto only accepts IKEv2 packets. When IKEv1 is enabled, only Main Mode
packets are accepted unless the connection is configured explicitely
with aggressive=yes or via its older name aggrmode=yes.

When an IKEv1 Aggressive Mode connection is enabled, a malicious peer
needs to send an IKEv1 Aggressive Mode packet with an unsupported
algorithm, such as DH2.  Then the malicious peer needs to be able to
receive the reply so it can resend the packet with the received responder
SPI added to cause the libreswan pluto daemon to crash and restart.

The vulnerable code has been in the code base since 2003 (then still
named "openswan") but only became reachable since an IKEv1 Aggressive
Mode change that was introduced in libreswan 3.28.

Workaround
==========
IKEv1 Aggressive Mode connections could be converted to IKEv2 or IKEv1 Main Mode
connections. If this is not feasable, patching or upgrading is the only other
alternative.
Comment 1 Hans de Graaff gentoo-dev Security 2023-05-07 06:10:09 UTC 
Aggressive mode is the that all security guides tell you to turn off because it also has structural security issues, so I guess the number of installations actually affected by this is small.

In any case, libreswan 4.11 has been added.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-08 04:40:31 UTC 
Thanks! Please stable 4.11 when ready.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-19 02:55:04 UTC 
Thanks! Please cleanup
Comment 4 Hans de Graaff gentoo-dev Security 2023-06-19 04:57:07 UTC 
Cleanup done.